In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code.

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file.

Workaround:
Use the cacls program to deny access to the DLL containing the vulnerable code, PP4X32.DLL. This will prevent the vulnerable DLL from loading in PowerPoint, which will also prevent users from importing PowerPoint 4.0 files. If Office 2003 SP3 is being used, then the default behavior is to block the opening of PowerPoint 4.0 files. If the default behavior has been changed, restoring it is an effective workaround.